In regard to your inquiry, the option to use and NVMe and SATA to do the RAID configuration is not available, in this case you can use either 2 NVWe’s or 2 SATA drivers or SSD’s, the reason for that is because the process to configure a RAID using NVMe’s is done on the BIOS, and the process to configure a RAID on the SATA drives is done using the IRST.

To answer your second question, the BIOS has the option for you to set a password on the hard drive, but that option will be enable depending of the hard drive, if the hard drive has or supports that feature, the yes, you can set up a password and create the RAID.

The NVMe's do not support a ATA password configuration.

On the following link you wil be able to verify further information about the RAID configuration on the Intel® NUC6i7KYK NUC:

Both your answers and the Intel documentation seem to assume all drives fall into one of two categories, either SATA+AHCI, or PCIe+NVMe.

What about PCIe+AHCI drives (like the SM951), could one of those theoretically be configured with an ATA Password and use the IRST?

The NVMe + Password limitation, is that an intentional design limitation in the BIOS due to it's not completely supporting NVMe, that's not planned to be fixed, or something that might see a fix sometime soon?

I've already got two Samsung 950 Pro 512's, at significant expense. Purchasing two (slower) AHCI drives would be a significant additional expense. I'd obviously prefer the fastest option available, and any PCIe SSD would be significantly faster than SATA, though, I'm wondering if the impact of full-disk software encryption on the 950 Pro's would be less than slower drives? It would really bother me to have to do software encryption on drives that are already performing hardware encryption :-(

Edit2: Apparently the SM951 may only support hardware encryption on some mysterious version of the 256GB model (that Lenovo ships with their P50/P70)?

In regard to your first inquiry, for the PCIe+AHCI drives also the option to create an ATA password will depend if the driver support the feature for encryption, since the password option is on the BIOS, and it is not related to the RAID structure, then you can set the password, and then create the RAID.

The NVMe + Password limitation is a design limitation, so, at this point there is no fix available to enable the password feature, let me apologize for that.

In regard on how the performance will be if you encrypt the SSD’s or hard drives, in order to get that information the best thing to do will be to get in contact directly with Samsung, and besides that you can also verify with them if a software encryption is needed.

I'm typing this from Windows 10 installed on two Intel 540s SATA SSD's in an IRST-based RAID1 array and with ATA Password / encryption enabled in the BIOS for each.

I'm still really disappointed that the NUC BIOS doesn't support setting a password on NVMe drives, and that I've had to spend a lot of money purchasing additional drives using older SATA technology instead of being able to use PCIe the Samsung 950 Pro's I'd already purchased with the NUC.

I attempted this, but was not successful, I believe due to limitations of my Samsung 950 Pro SSD's firmware. I've seen several complaints that a variety of hardware refuses to set the ATA Password on these drives, with the speculation that key management is not currently enabled, despite it's claims to support Class 0 / AES 256 bit encryption, and that this functionality was expected to arrive with a promised firmware update adding TCG/OPAL and IEEE1667/eDrive support. However, I now see that firmware update has been put on hold indefinitely :-(

Can you please report what model NVMe SSD you have tested to work with this feature?

I have just two days left in the return period for the SATA drives I purchased.

Ahh, this is very frustrating! I believe you only intended to state passwords aren't supported for NVMe drives (as my SATA drives are working with passwords and RAID). I'm sad to hear that's the case after all.

I had been wondering if you had perhaps tested with a new Intel 600p, which claims to support AES 256 bit hardware encryption. That would have been decent.

The only other PCIe NVMe SED I know of is the Lenovo 4XB0K48500 (which is apparently a custom Samsung SM951), though I have no idea if it's reported BIOS Password support is specific to the ThinkPad, or would also work on the NUC.

I guess I will have to keep the slow SATA drives I purchased after all :-(